apiVersion:v1kind:Secretmetadata:labels:k8s-app:kubernetes-dashboardname:kubernetes-dashboard-certsnamespace:kube-systemtype:Opaque---apiVersion:v1kind:ServiceAccountmetadata:labels:k8s-app:kubernetes-dashboardname:kubernetes-dashboardnamespace:kube-system---# ------------------- Dashboard Role & Role Binding ------------------- #kind:RoleapiVersion:rbac.authorization.k8s.io/v1beta1metadata:name:kubernetes-dashboard-minimalnamespace:kube-systemrules:# Allow Dashboard to create and watch for changes of 'kubernetes-dashboard-key-holder' secret.-apiGroups:[""]resources:["secrets"]verbs:["create","watch"]# Allow Dashboard to get, update and delete Dashboard exclusive secrets.-apiGroups:[""]resources:["secrets"]resourceNames:["kubernetes-dashboard-key-holder"]verbs:["get","update","delete"]# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.-apiGroups:[""]resources:["configmaps"]resourceNames:["kubernetes-dashboard-settings"]verbs:["list","get","update"]# Allow Dashboard to get metrics from heapster.-apiGroups:[""]resources:["services"]resourceNames:["heapster"]verbs:["proxy"]---apiVersion:rbac.authorization.k8s.io/v1beta1kind:RoleBindingmetadata:name:kubernetes-dashboard-minimalnamespace:kube-systemroleRef:apiGroup:rbac.authorization.k8s.iokind:Rolename:kubernetes-dashboard-minimalsubjects:-kind:ServiceAccountname:kubernetes-dashboardnamespace:kube-system---# ------------------- Dashboard Deployment ------------------- #kind:DeploymentapiVersion:extensions/v1beta1metadata:labels:k8s-app:kubernetes-dashboardname:kubernetes-dashboardnamespace:kube-systemspec:replicas:1revisionHistoryLimit:10selector:matchLabels:k8s-app:kubernetes-dashboardtemplate:metadata:labels:k8s-app:kubernetes-dashboardspec:containers:-name:kubernetes-dashboardimage:gcr.io/google_containers/kubernetes-dashboard-amd64:v1.7.1ports:-containerPort:9090protocol:TCP# 这里个人添加一些必要的envenv:-name:SERVICE_9090_CHECK_HTTPvalue:"/"-name:SERVICE_9090_CHECK_INTERVALvalue:"15s"-name:SERVICE_9090_CHECK_TIMEvalue:"1s"-name:SERVICE_NAMEvalue:kubernetes-dashboard-name:SERVICE_TAGSvalue:urlprefix-dashboard.quark.com/# 指定获取pod ip-name:POD_IPvalueFrom:fieldRef:fieldPath:status.podIPargs:# Uncomment the following line to manually specify Kubernetes API server Host# If not specified, Dashboard will attempt to auto discover the API server and connect# to it. Uncomment only if the default does not work.# - --apiserver-host=http://my-address:port---authentication-mode=basic# 这里添加一个连接heapster---heapster-host=http://heapster.kube-system.svc.cluster.localvolumeMounts:# Create on-disk volume to store exec logs-mountPath:/tmpname:tmp-volumelivenessProbe:httpGet:path:/port:9090initialDelaySeconds:30timeoutSeconds:30volumes:-name:tmp-volumeemptyDir:{}# 这里的serviceAccountName改成defaultserviceAccountName:default# Comment the following tolerations if Dashboard must not be deployed on mastertolerations:-key:node-role.kubernetes.io/mastereffect:NoSchedule